I’m trying to understand how roles, dependencies, and tags work together.
I’m seeing “wrong” behavior when I use meta/main.yml dependencies: and tags -or- I do not understand how all these things work together.
I apologize for the long post but I want to make sure I get all the details posted.
I have 3 roles.
The gnutls-certs role is for creating unsigned SSL certificates and I want to use it in any other role what needs SSL certificates. In this example it’s a dependency in nagios-servers and syslog-clients.
The nagios-servers role is for setting up a nagios server. It needs a SSL certificate for the web server.
The syslog-clients role is for setting up a rsyslog client using SSL to communicate back to a central rsyslog server.
Directory tree
.
├── group_vars
├── host_vars
├── roles
│ ├── gnutls-certs
│ │ ├── defaults
│ │ ├── files
│ │ ├── handlers
│ │ ├── meta
│ │ │ └── main.yml
│ │ ├── tasks
│ │ ├── templates
│ │ ├── tests
│ │ └── vars
│ ├── nagios-servers
│ │ ├── defaults
│ │ ├── files
│ │ ├── handlers
│ │ ├── meta
│ │ │ └── main.yml
dependencies:
- { role: gnutls-certs }
│ │ ├── tasks
│ │ ├── templates
│ │ └── vars
│ │ │ └── main.yml
MY_ca_pem: “/path/to/nagios-servers/ca.pem"
MY_ca_key_pem: “/path/to/nagios-servers/ca-key.pem"
│ ├── syslog-clients
│ │ ├── defaults
│ │ ├── handlers
│ │ ├── meta
│ │ │ └── main.yml
dependencies: - { role: gnutls-certs }
│ │ ├── tasks
│ │ ├── templates
│ │ └── vars
│ │ │ └── main.yml
MY_ca_pem: “/path/to/syslog-clients/ca.pem"
MY_ca_key_pem: “/path/to/syslog-clients/ca-key.pem"
Both the nagios-servers role and the syslog-clients role have a dependency on the gnutls-certs role identified via the meta/main.yml (see above)
The nagios-servers role identifies the CA (variable MY_ca_pem) and key (MY_ca_key_pem) via the nagios-servers/vars/main.yml
The syslog-clients role identifies the CA (variable MY_ca_pem) and key (MY_ca_key_pem) via the syslog-clients/vars/main.yml
Simple plays with debug.